Hi im gonna have to reinstall windows server 2003 R2 on the main server.. I havent touched active directory since about 9 years?? So im gonna have to read some active directory & Group Policy guides to remember stuff... Specially setting up the profiles folders, and being able to access mapped drives from remote locations. (Any quick guide at hand?) Also Im thinking about installing a 3rd party firewall software on the server any recommendations? About Antivirus, i think i will renew a kapersky license for the main server and also for all the users computers connected to the domain. I suppose i could install it on all users computers through active directory but ill have to take a look at that also... So, any help on quick guides apreciated.. Thanks
a couple of things i would recommend you should do. find some MCSA server 2003 books on the internet that teach about active directory and managing servers. you can push out software via Group Policy with active directory since you said the computers are on a domain. if you can since server 2003 is reaching the end of life date this year, that means you wont get any updates from Microsoft anymore. so if you can i would upgrade to server 2008 r2 since its more secure and it has more features than server 2003.
Hi ill take a look at that thanks , i suggested the company to update to server 2012 or 2008 but they dont want to change any hardware at the moment... Yeah i remember you could install software via gpo.. but ill have to read howto as i dont hardly remember much .... Well the computers are in a domain, but ill format the main server reinstall win 2003 server, install active directory, make all the departments and add users to those departments, and slowly create the restrictions policies for each groups and users... By the way, when creating the new domain if i use the same name it prevouly had, would this avoid rejoining the domain from each users computer? i suppose not but.. it would save time from rejoining from about 50 users computers..
yes since the computers would be configured to join the server with the domain name. you may have to add each computer to active directory but most of the computers will find the domain controller once you configure it. you might have to reboot the computers to send out netbios packets on the network to find the domain controller and after that everything should work correctly depending on the network and such.
you got the right steps on setting up the server again, i know that you can set a group policy or i think their is a way to setup something for shares to only appear when users login into the domain. if users are going to be logging into the network from home using ssh or VPN. the best way to go is VPN since its easy to setup depending on what software / hardware they have for their vpn. i know for windows you have to install and setup the VPN role from the server manager and configure a network card with a static ip address. for security reasons you do not want users using RDP ever in a domain unless their are ether IT department staff that manage the data center or an administrator. then you can enable RDP for the IT department and disable RDP for the rest of the non-admin users via GPO or active directory. for backups, i would have another server with a good amount of storage on it and keep it off site or keep it in the same data center just not connected to the internet and such. plus with viruses like cryptolocker that encrypts everything plus mapped network drives, i would lock everything down with group policy to shutting off USB ports on computers so that the power portion only works and not the data portion of the usb ports to lower the chances of infection from a usb flashdrive.